﻿using Duende.IdentityServer.Models;
using IdentityModel;

namespace Service.Auth.Infrastructure
{

    //先走静态，后续换成数据库
    public class Config
    {
        /// <summary>
        /// 获取自定义API资源列表
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<ApiResource> GetApiResources()
        {
            List<ApiResource> apiResources =
            [
                new ApiResource()
                {
                    Name = "ServiceAuth",
                    DisplayName = "授权中心微服务",
                    UserClaims = new List<string>() { JwtClaimTypes.Role },
                    Scopes = { "ServiceAuth" }
                },//定义资源名称
                new ApiResource()
                {
                    Name = "ServiceGateway",
                    DisplayName = "网关微服务",
                    UserClaims = new List<string>() { JwtClaimTypes.Role },
                    Scopes = { "ServiceGateway" }
                },//定义资源名称
                new ApiResource()
                {
                    Name = "ServiceDevops",
                    DisplayName = "运维",
                    UserClaims = new List<string>() { JwtClaimTypes.Role },
                    Scopes = { "ServiceDevops" }
                },//定义资源名称
            ];
            return apiResources;
        }

        /// <summary>
        /// 获取自定义客户端配置列表
        /// 支持 授权码，隐藏式，密码式，凭证式、混合式
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<Client> GetClients()
        {
            List<Client> clients =
            [
                //客户端凭证授权模式（用于客户端访问微服务API资源授权认证）
                new Client()
                {
                    ClientId = "client",//定义客户端获取Token时指定的client_id值
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,//指定grant_type为client_credentials客户端授权模式
                    ClientSecrets = { new Duende.IdentityServer.Models.Secret("Secret".Sha256()) },//定义客户端获取token时指定的client_secret值
                    AllowOfflineAccess = true,//如果要获取refresh_tokens ,必须把AllowOfflineAccess设置为true
                    AccessTokenLifetime = 3600,//token有效期，默认3600秒
                    AllowedScopes = { "ServiceAuth", "ServiceGateway", "ServiceDevops" }//设置可访问范围的资源名称
                },
            ];
            return clients;
        }

        /// <summary>
        /// 获取IdentityServer4自身API资源列表
        /// </summary>
        /// <returns></returns>
        public static IEnumerable<IdentityResource> GetIdentityResources()
        {
            return new List<IdentityResource> { new IdentityResources.OpenId(), new IdentityResources.Profile() };
        }

        public static IEnumerable<ApiScope> GetApiScopes()
        {
            return new List<ApiScope> { new ApiScope("ServiceAuth"), new ApiScope("ServiceGateway"), new ApiScope("ServiceDevops") };
        }
    }
}
